Addressing the Information Governance Challenge - Autonomy … the... · 2018-08-03 · Addressing the Information Governance Challenge 1 Introduction In today's rapidly changing

Addressing the InformationGovernance Challenge

Autonomy White Paper

Addressing the Information Governance Challenge

ContentsIntroduction 1

AWorld’sFirst 1

TheProblem:Regulatory,LegalandCorporatePressures 3

Some examples of the new legislation illustrate why information governance is now a board level issue. 3

TheImportanceofaSinglePlatformSolution 4

Real-TimePolicyManagement 5

TheNeedforEnterpriseInformationGovernanceArchitecture 5

BuildinganInformationGovernanceArchitecture 6

Search 6

Records Management 7

Policy Management 7

Enterprise Data Capture (EDC): No Need to Declare Records 7

Manage In Place (MIP) 8

Legal Hold 8

Automation: It’s Not an Either / or Choice 8

Archiving 9

Monitoring and Control 9

SeamlessConnectivitywithAutonomyDiscoverySolutions 9

Summary 10

AboutAutonomy 10

AboutHP 10

1Addressing the Information Governance Challenge

IntroductionIn today's rapidly changing business climate, information governance has risen to the top of every enterprise's list of concerns. The cost of ignoring governance has become substantial as the proliferation of electronic information amidst an increasingly regulatory environment has made it prohibitively expensive to take a reactive approach to the issue. The dramatic growth in the use of electronic information within businesses and the need for higher standards in business practice are well known, but less known is the new technology solutions which are able to address the issues and remove a substantial burden from the management team and users at all levels within the enterprise.

Information governance refers to the way in which an enterprise manages and controls its business information. At the heart of many of the new challenges is need for control. Control of information means:

• Knowing what information you have

• Understanding its value and taking the appropriate actions based on the value of each content, whether it means long-term archival or quick disposal

• Ensuring it is discoverable, quickly accessible and can be secured for legal and regulatory purposes

• Ensuring it is only accessible to those with right of access

• Ensuring it is retained and disposed according to applicable corporate and legislative rules.

A World’s First Autonomy is a global leader in infrastructure software that helps enterprises achieve governance of all of their information assets. More than 80% of all data in an enterprise is unstructured information. This encompasses emails, documents, images, web pages, recorded audio, video and hundreds of additional formats stored in many different locations. Ensuring control and management of this strategic yet vastly dispersed resource is very challenging, but a challenge that must be mastered since any electronic information may be the subject of an eDiscovery order.

In order to take control over this increasingly complex and vast amount of rich information, an entirely new approach is needed: one where the software can form an understanding of the content through pattern-matching and idea-distancing. Autonomy’s uniquely advanced technology can help companies ensure better governance, reduce errors and fraud and balance the interplay between people and computers by understanding the meaning of information. This approach is known as Meaning Based Computing.

Autonomy Information Governance is the industry’s first information governance platform that leverages meaning-based computing to provide automated real-time policy management based on a conceptual and contextual understanding of the entire corpus of enterprise information. Autonomy’s unique technology represents a major step forward in reducing risks inherent in information by applying policy based on understanding the actual content of an email, document or phone recording instead of relying solely on its metadata.

With the Autonomy Intelligent Data Operating Layer (IDOL) infrastructure, a market-leading pan-enterprise search platform, at the core of the information governance platform, organizations benefit from a unique value proposition that no other technology can match. By storing all content—structured, semi-structured, unstructured, transactional and archived—in a single IDOL index, enterprises are given a unified, holistic view of the entire enterprise knowledgebase

2 Addressing the Information Governance Challenge

and can realize relationships that lead to consistent enforcement of governance policies, reduction in duplicate work, and other significant cost-saving benefits. To automate real-time policy management, the Autonomy Information Governance platform provides a dynamic and real-time environment to visualize and control policy-driven information in the organization. This is accomplished through a vendor neutral infrastructure using more than 400 out-of-the-box data repository connectors that allow management in place and retrieval of email, documents, audio, or video information across the entire enterprise.

This streamlined approach addresses the escalating complexities and urgency in

managing information policy across the global enterprise, driven by the threat of multi-million dollar regulatory fines and brand degradation. Autonomy Information Governance combines pan-enterprise search infrastructure, policy management, legal hold, records management, role-based dashboards, and workflow tools to simplify information risk management for the CIO, legal counsel, and corporate compliance officers. This enables the acceleration of policy enforcement for compliance needs whether that is to enforce record keeping requirements or legal hold management, including notification, preservation, collection. The Autonomy Information Governance platform allows faster and more efficient identification of issues to accelerate problem resolution and ensure policy enforcement.

Autonomy employs a unique combination of technologies to enable computers to:

• Understand, in context, all available information and to apply that knowledge to ensure compliance responsibilities are met and to support the achievement of superior business processes

• Eliminate the traditionally manual and costly operations to process and analyze information by performing these functions automatically and in real-time

• Locate and manage business records in the most cost effective way either ‘in-place’ or in a centralized archive

• Automatically classify content according to business rules defining access rights, optimal storage methods, retention and disposition periods and business processes

• Identify duplicate and near-duplicate content to minimize storage costs and reduce eDiscovery times

• Manage the retention and disposition of key business records

• Seamlessly connect with Autonomy’s eDiscovery solutions for the most effective eDiscovery and collection processes possible when required to identify and produce relevant content

• Continuously enforce legal hold even when the user machine is not connected to the corporate network


The Problem: Regulatory, Legal and Corporate PressuresEnterprises have always had a requirement to preserve documents and records for the long term to satisfy compliance, legal and knowledge management requirements. The history of records management is centuries old and has previously been concerned primarily with managing paper documents. In the last decade however there has been a dramatic switch from paper to the use of a wide range of electronic media as preferred method of the communication within businesses. Electronic information is quicker to create, quicker to transmit and quicker to respond to. It is also easier to transport, access, copy, modify and duplicate. Enterprises are now completely dependent on information electronic information and communications. The benefits are obvious, but there are also challenges that have to be addressed relating to storage, rights of access, accuracy, availability and disposal. An enterprise’s information belongs to the enterprise and should be treated as a corporate asset but it is often treated as personal data as if it belongs personally to a member of staff. It is imperative that control of vital information be retained by the business.

In addition to the growth of electronic information, executives in every sector, both public and private have seen a huge increase in regulation and legislative responsibilities in the last eight to ten years. These responsibilities have arisen for three main reasons:

• The need for new or modified legislation to address the increased use of electronic information

• The need to demonstrate fairness and good governance in business practices following a number of high profile and well publicized business scandals such as those at Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom

• An increase in the rights of individuals to access personal information being held by businesses and other enterprises

These factors have placed a huge new responsibility on the enterprises and in many cases specifically on the senior management of the business who may be held personally responsible for the retention and disposition of information under certain legislation.

Some examples of the new legislation illustrate why information governance is now a board level issue.

1. The Federal Rules of Civil Procedure (FRCP) were amended on December 1, 2006, to expand their definition and structure to include electronically stored information as a class of legally discoverable business data. The new rules make allows eDiscovery and amendments now ensure equivalent treatment of electronic content and paper documents. These changes apply to every size enterprise and even the smallest company can face financial and market devastation from discovery, litigation, legal fees, court costs and settlements. All electronically stored information (ESI) relevant to a case, regardless of data format, must now be reproduced in 99 days. It therefore follows that FRCP-compliant search technology must index and search all enterprise content in its entirety to ensure completeness and accuracy of the search results.

2. In 2007 the United Kingdom Financial Service Authority (FSA) introduced Conduct of Business Sourcebook (COBS) Instrument 2008/6, directly addressing the regulatory requirements of the recording of telephone conversations and electronic communications in the Financial Services sector. When effective on March 6, 2009 a new requirement, COBS 11.8, will require companies to take reasonable steps to record and retain all relevant, client-related telephone conversations conducted on equipment provided or permitted by the firm, excluding mobile telephones. The information must be retained for a minimum of 6 months and be stored and managed in a manner that is easily assessable, preserves the original from alteration and is auditable by the FAS (auditors). For many companies, achieving compliance will require significant updates in their governance policies and IT systems.

3. In 1997 the Securities Exchange Commission (SEC) amended the primary rule 17a-4 of the SEC Act (1934), introduced to protect investors from fraudulent of misleading claims in the securities industry, to allow brokers to store records electronically including email and instant messages.


4a. The Financial Industry Regulatory Authority (FINRA) is the largest non-governmental regulator for all securities firms doing business in the United States and is dedicated to investor protection and market integrity through effective and efficient regulation and complementary compliance and technology-based services. FINRA touches virtually every aspect of the securities business—from registering and educating all industry participants to examining securities firms; writing and enforcing rules and the federal securities laws; informing and educating the investing public; providing trade reporting and other industry utilities; and administering the largest dispute resolution forum for investors and registered firms. FINRA’s compliance rules mirrors those of the SEC.

4b. FINRA Conduct Rule 3010(d)(3) and Conduct Rule 3110(a) of 2002, requires members to retain correspondence of registered representatives relating to investment banking or securities and make and preserve books, accounts, records, memoranda and correspondence in conformity with all applicable laws, rules, regulations and statements as prescribed by SEC Rule 17a-3 and in a format, medium and retention period that complies with SEC Rule 17a-4.

5. The Sarbanes-Oxley Act of 2002 (also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox, is a US federal law and was introduced in response to a number of major corporate and accounting scandals. This legislation is very wide-ranging and is intended to improve governance standards for all U.S. public company boards, management, and public accounting firms. Of the 11 sections a number are specific in the need for information governance. Section VIII makes it a criminal act to knowingly destroy or create documents to impede, obstruct, or influence any existing or contemplated federal investigation. Section IX of Sarbanes-Oxley, also known as the White Collar Crime Penalty Enhancements Act of 2002 makes it a crime to tamper with a record or otherwise impede any official proceeding.

6. Many countries have introduced a Freedom of Information Act (FOIA) which the public legal rights to full or partial disclosure of previously unreleased information and documents controlled by government bodies in response to more open government. These acts give individuals the ability to request access to a wide range of information. The implementation of the acts make it necessary for government bodies to respond to access request in very short periods and to be subject to penalties if there are unable to do so. The implementation of the act requires all government bodies to be in implement strong information control and management of their records.

7. In the European Union, MiFID – the Markets in Financial Instruments Directive - requires investment firms in Member States to keep at the disposal of the competent authority, for at least five years, the relevant data relating to all transactions in financial instruments which they have carried out, whether on own account or on behalf of a client. In the case of transactions carried out on behalf of clients, the records shall contain all the information and details of the identity of the client, and the information required under Council Directive 91/308/EEC of 10 June 1991 on prevention of the use of the financial system for the purpose of money laundering.

The Importance of a Single Platform Solution

IDOL serves as a common platform across the entire Information Risk Management spectrum, including pan-enterprise search, information governance and eDiscovery


The explosion of electronic information is leading to a convergence of information management, information governance and eDiscovery as all three disciplines attempt to control the growing volume of content. Whether the issue is determining how long to keep a document, how to preserve, collect, review and produce that document for litigation, or simply how to make it findable amongst millions of documents for enterprise search, there is an acute need for an infrastructure solution that enables repeatable business processes.

IDOL serves as the underlying platform for enterprise search, the Autonomy’s Information Governance platform and all of Autonomy's eDiscovery solutions. With Autonomy’s single platform solution, organizations have the flexibility to leave sensitive data in the operational layer (Manage-In-Place) or move it to Autonomy’s intelligent archives at any point in time. Once the information is indexed, analysis can be performed simultaneously across Autonomy’s archives and operational systems for compliance and litigation, ensuring consistency of results. Along with significantly lower installation and maintenance costs, organizations eliminate the risks and excessive costs associated with handing off client data between vendors.

Real-Time Policy Management A highly managed approach to information governance is necessary to minimize costs, risks and penalties. In most enterprises the vast amount of data and the number of people involved requires the effective implementation of strong polices which should be ideally in real-time if legislative responsibilities are to be met. Information should be continuously monitored and tracked through its lifecycle. Where information is deemed to be a business record it should be preserved according to corporate policies. When litigation or an investigation requires relevant information to be identified and secured, the legal hold notification and legal hold processes processes should be implemented immediately. To ensure greater control and minimal risk enterprises need technology and solutions to manage the processes of information governance. The Autonomy Information Governance Architecture is an extensible platform which provides enterprises of every size the technology to implement a real-time solution specific to their own unique information governance requirements.

The Need for Enterprise Information Governance Architecture The specific governance requirements of each enterprise are different and each enterprise will need to assess what information needs to be managed and for how long specific records are kept. Who can access what content, and who decides when content should be disposed of, are policy decisions which need to be agreed upon and captured in business rules which must then precisely followed. Each enterprise needs to implement its own Information Governance Architecture.

There are two primary components to an Information Governance Architecture;

1. The corporate policies and rules governing the use, rights of access, retention and disposition periods of each business document. The policies and rules of information governance are often held in a Retention Schedule, which can be implemented as a flat or hierarchical structure – also known as a file plan (see diagram);

2. The technologies which ensure that the corporate policies and rules are applied and auditible. Depending on the specific needs of an enterprise different technologies will need to be implemented, the most common will include search, records management, email management and workflow and support for a range of eDiscovery capabilities. Since the different technologies need to be applied as a coherent framework it is important that they are designed to work together.


The Autonomy Information Governance Architecture has been designed to meet the needs of every type of enterprise and is highly configurable, flexible and scalable supporting a wide range of operating platforms, data formats and has out-of-the-box connections to over 400 enterprise systems.

If you count every laptop and PC as a separate data store an enterprise may need to monitor and control data on significantly more data stores than there are people. These data stores will range from an individual’s PC to many central storage devices, application databases, mobile devices and websites. Managing hundreds and millions of content files in multiple data stores across an enterprise is an impossible objective without the aid of technology.

Building an Information Governance ArchitectureThe key components of an Information Governance Architecture are:

SearchSearch technology should underpin all the other technologies in the architecture. Autonomy’s unique meaning-based search enables corporate rules and policies to be automatically applied to every file in every data store under its supervision by continuously monitoring what files are added or deleted from the corporate data stores, by understanding their context and meaning, and by automating applying the appropriate corporate policies pertinent to the file.

Autonomy’s pan-enterprise search platform performs conceptual and contextual analysis and probability matching on information to find the meaning within and the inter-relationships between and among disparate pieces of content. By supporting more than 1,000 different data formats, including structured, semi-structured, and unstructured data, located across 400 different content repositories, Autonomy can search all categories of information repositories in an organization. It is fault-tolerant using load balancing and mirroring, highly scalable, secure, and has sub-second performance on billions of files.


Records ManagementRecords Management underpins many key business activities by ensuring that business information is efficiently controlled and ensures that an organization knows what information it has, is confident of its accuracy, and that it is discoverable and quickly accessible. Records Management ensures that controlled information is only accessible to those with the right of access and that it is duly retained according to corporate and legislative and legal requirements after which it is appropriately disposed. Massively scalable with proven capability to support tens of thousands of users managing hundreds of millions of files, Autonomy Records Management has nearly one million users across the globe and customers in every market. Unlike other solutions, Autonomy Records Management seamlessly delivers records retention and disposition that users can and will adopt without the need to declare records. Autonomy Records Management solutions have been designed to be as easy to use as possible eliminating the need for most users to understand the terminology and the nuances of record management technology. Many operations are automated or reduced to ‘one-click’.

Autonomy Records Management automates the process of records declaration and provides automatic categorization by leveraging the power of IDOL. Through duplicate and near-duplicate identification, storage costs are minimized and by using Autonomy Records Management in conjunction with other Autonomy modules, information under legal hold will not be inadvertently compromised or destroyed. Autonomy records management solutions are fully configurable: records declaration, categorization, and the definition of corresponding retention periods compromised or destroyed. automated using a policy-based approach, with the option of by end-user involvement should administrators so wish.

Policy ManagementPolicy management supports enterprise governance by defining the rules which govern the location, rights of access and retention period and disposal rules for each file, type of document or specific document independent of creator or user. Policy management is an integral element of Autonomy Records Management. Unlike traditional approaches, Autonomy automates information governance and disposition policy by understanding the meaning of all information across an enterprise regardless of data type, language or repository. Information can be automatically categorized to determine its retention and disposition schedule based on business value, regulatory requirement or relevance to a legal matter. Policies can be defined, monitored and enforced on a global basis to comply with country-specific information privacy laws, while supporting global certifications such as DoD 5015.2, TNA 2002 and VERS.

Enterprise Data Capture (EDC): No Need to Declare RecordsAutonomy Records Management seamlessly delivers records retention and disposition that users can and will adopt without the need to declare records. Using Autonomy’s advanced EDC, the process of records declaration can be automated, leveraging automatic categorization using the power of IDOL. The asynchronous transfer to the Autonomy Record store in background mode ensures there is no system degradation on live applications.


Manage In Place (MIP)Many enterprises have implemented or acquired a number of disparate data stores and have an IT environment with multiple existing and diverse content stores (such as ERP systems, Microsoft SharePoint, ECM systems, Files Stores, Email archives). Each will have its own way of handling retention and disposition. Large companies or government agencies may have over one hundred separate systems, with each holding a significant number of business records. One solution is to move all key records into a single records management repository but this is an expensive, architecturally disruptive model requiring require business applications to be rewritten to support the new repository.

The resulting solution would be immediately out-of-date and insufficient, as new requirements and regulations are introduced regularly. In addition, the amount of content that is being created and needing to be held as records is growing daily. It is no longer feasible to maintain the accuracy of records information by relying entirely on staff to file records correctly. It is much more efficient if this burden can be minimized or completely removed and be performed as an automated background system activity in real-time.

Recognizing the need for a more flexible approach, Autonomy has introduced a MIP solution built on its unique ability to enforce retention and disposition policies in real-time. Autonomy has already solved the difficult challenge of securely gaining access to hundreds of different repositories. Autonomy Records Management allows an enterprise to implement consistent retention policies while leaving documents ‘in-place’ and being centrally managed.

Legal HoldThe duty to preserve potentially relevant electronically stored information (ESI) when litigation or an investigation is reasonably anticipated is a pressing concern for legal and IT professionals. It is an ever-increasing priority because failure to preserve and produce ESI has severe consequences under the amended FRCP. As part of a defensible process, the organization must be able to issue, manage, and track the lifecycle of multiple legal holds simultaneously while ensuring all potentially relevant ESI is preserved and collected.

Autonomy’s solution for legal hold reduces the risks and costs associated with the duty to preserve, extending the organization’s control of its information to the edge of the network and beyond. The solution applies intelligent legal hold policies against an enterprise’s full corpus of data, whether it lives on the network server or an employee’s remote laptop; data can be automatically preserved in place, in real-time, to be securely collected when needed for processing and review. Aungate Legal Hold is a holistic solution built to manage cases, custodians, notifications, acknowledgements, collections, and dispositions. Each step of the process is consistently executed and managed–on the information governance platform. Legal Hold is fully auditable, easy to use, and automates the workflow and processes necessary to demonstrate good faith compliance with the duty to preserve.

Automation: It’s Not an Either / or ChoiceFully automating retention and disposition has obvious efficiency gains, but the perceived loss of control might appear to be a stumbling block for implementing such solutions in heavily regulated sectors such a government or defense. Autonomy’s experience as the leader in pan-enterprise search has led it to understand that customers do not necessarily want an either/or choice with regards to automation. Autonomy Records Management solutions are fully configurable: records declaration, categorization, and the definition of corresponding retention periods can not only be automated using a policy-based approach, but these processes can also be complimented with end user involvement should the organization so wish.


ArchivingArchiving captures and preserves email messages, files, email, rich-media and other content in a way that both optimizes long- term storage and allows immediate access for:

• Mailbox management

• Compliance

• Legal purposes

The Autonomy consolidated archive is the first and only solution with the functionality, performance and scalability needed to address the challenging requirements of collecting, consolidating, making available and ultimately destroying information when it comes from multiple proprietary systems, in multiple languages and in hundreds of different content formats and to prepare the infrastructure for the next round of challenges. Like all Autonomy products, the Autonomy consolidated archive benefits from the IDOL platform’s scalability, connectivity and search and analytics technologies to provide an archive infrastructure capable of ingesting terabytes of new rich media and text content on a daily basis. The unique architecture of the IDOL platform ensures that the search, management and retrieval of content are as scalable and high performing as the archival process.

Monitoring and ControlThe volumes of information to be controlled are often huge providing a very sizeable management task to ensure that policies and rules are being followed, legal holds are monitored and that as retention end dates are reached content eligible for disposal are reviewed and actioned in a scalable and efficient manner.

Autonomy’s advanced dashboard technology provides both the required detailed and the consolidated views to minimize the work involved and provide executive confidence. This streamlined approach addresses the escalating complexities and urgency in managing information policy across the global enterprise, driven by the threat of multi-million dollar regulatory fines and brand degradation.

Seamless Connectivity with Autonomy Discovery SolutionsAutonomy Information Governance seamlessly connects with Autonomy Discovery Solutions to enable a secure and auditable solution for all aspects of legal hold, eDiscovery, review and production. Since IDOL serves as the underlying platform for all of Autonomy's Information Risk Management (IRM) modules, including every stage of litigation that spans the complete Electronic Discovery Reference Model (EDRM), the integrated architecture unifies enterprise search, information governance and eDiscovery while reducing the risk of spoliation.


SummaryIn a world of increasing regulation and frequent litigation, information governance is a concern that every enterprise must address. The volume and complexity of information and business processes are now so great that the processes of management, assessment, notification, collection, eDiscovery, and reporting are too difficult and expensive to do manually. Autonomy provides a real-time holistic solution that eliminates risk and provides a platform for complete information governance. As well as addressing regulatory and legislative responsibilities Autonomy provides the most complete platform available for the efficient management of unstructured data throughout the enterprise. Every step from defining information policy to applying that policy and ensuring it is followed accurately across every repository in the business is now possible. Each step of the information lifecycle can be managed in real time. Autonomy Information Governance and Autonomy Discovery Solutions enable a secure and auditable solution for all aspects of eDiscovery, review and collection in litigation cases. Implementing Autonomy Information Governance not only addresses the major business problems of information governance and litigation but also provides the foundation for all information and knowledge management processes throughout all business processes and provides major potential for business process improvement

throughout the enterprise.

About Autonomy Autonomy, an HP Company, is a global leader in software that processes human information, or unstructured data, including social media, email, video, audio, text and web pages, etc. Autonomy’s powerful management and analytic tools for structured information together with its ability to extract meaning in real time from all forms of information, regardless of format, is a powerful tool for companies seeking to get the most out of their data. Autonomy’s product portfolio helps power companies through enterprise search analytics, business process management and OEM operations. Autonomy also offers information governance solutions in areas such as eDiscovery, content management and compliance, as well as marketing solutions that help companies grow revenue, such as web content management, online marketing optimization and rich media management.

Please visit www.autonomy.com to find out more.

About HPHP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems.

More information about HP (NYSE: HPQ) is available at www.hp.com.


The information contained herein is subject to change without notice. Autonomy shall not be liable for technical

or editorial errors or omissions contained herein. All other product and company names may be trademarks or registered trademarks of their respective owners. This

document is for informational purposes only. Autonomy is not making warranties, express or implied, in this document.

20120307_RL_WP_InfoGovChallenge

Documents

Addressing the Information Governance Challenge - Autonomy … the... · 2018-08-03 · Addressing the Information Governance Challenge 1 Introduction In today's rapidly changing